Facebook says it stored millions of Instagram passwords in plain text

Facebook, Instagram’s parent company, on Thursday revealed that it messed up again and stored “millions” of unencrypted Instagram passwords on internal servers.

“We discovered additional logs of Instagram passwords being stored in a readable format. We now estimate that this issue impacted millions of Instagram users,” Facebook said in a blog post.

“We will be notifying these users as we did the others. Our investigation has determined that these stored passwords were not internally abused or improperly accessed,” the social network said.

The social media giant first announced its mistake in a March 21 blog post, titled “Keeping Passwords Secure.” It revealed that the plain text passwords of hundreds of millions of users had been stored, putting the number of Instagram users affected in the tens of thousands.

Facebook’s handling of user data has been a topic of discussion since it admitted in 2018 that Cambridge Analytica, a political consultancy, used an app that may have hijacked the private details of 87 million users.

Thereafter it announced a series of measures to secure data, including eliminating most of its data-sharing partnerships with outside companies.